Atwix MageNews – August 2019

by Roman Glushko

August 16, 2019

Welcome to the August edition of Atwix MageNews!
This is the 7th digest in the series, and it's all about updates from the Magento world, upcoming changes and experience sharing. Interested? Come in and read more!

Not to Miss

New Payment Security Standards and Magento

Currently, two payment standards are shaping the payment industry: 3-D Secure 2.0 and PSD2.

The main change in 3-D Secure 2.0 is that merchants and issuer banks will exchange contextual data to automatically verify the identity of customers and detect high-risk transactions, which make up less than 5 percent of all placed transactions. This helps to reduce transaction time by 85% and the drop-off rate by 70%.

PSD2 (Payment Service Directive 2) is a revised EU payment directive which requires payment providers to apply Strong Customer Authentication (SCA). SCA requires at least two of the following factors to be used to verify identity during transactions:
– Something the customer knows: a password or PIN they set
– Something the customer has: a phone or hardware token for authentication
– Something the customer is: fingerprint, face recognition.
Starting September 14, 2019, European banks will decline payments that require SCA but do not meet the above criteria.

These directives will affect Magento as well. Magento is going to deprecate the core bundled integrations with CyberSource, Authorize.net, eWay and Worldpay in favor of the official payment integrations available on the marketplace.

Adobe Analytics in Magento

Adobe announced a brand-new Analysis Workspace template for exploring your Magento commerce and marketing data. Check it out below!

A little Adobe news for your Friday: the latest step in the integration of Magento and #AdobeAnalytics is now live: a brand-new Analysis Workspace template for exploring your Magento commerce data and your marketing data. Here's the video overview: https://t.co/93eKghDXMm

Module Vendor Worst Practices

Ngrok + Magento + Docker

Once again, a post about the ngrok service and Magento. This time Dmitry Shkoliar explains how to share a Docker-powered local Magento environment with the world, using a custom integration module to troubleshoot typical issues related to URL building and caching.

Magento 2 JS Bundling

Andrew Levine analyzed the current JavaScript bundling problems of the Luma-based frontend. He pointed out the most significant differences between the Magento frontend and other webpack-based frontends. The result is a summary of the challenges on the way to implementing optimized JS bundling.

Composer Root Updater

It's great to see that Magento cares about the upgrade process and tries to streamline it. To that end, Magento created a Composer plugin which automatically adjusts the project's composer.json, making sure all dependencies comply with the new version of the platform. Don't forget to try it next time you upgrade your projects!

We've got a new #Composer plugin that streamlines the process of upgrading to the latest greatest @magento Commerce.

This rad new plugin automates some manual steps in the upgrade process—it's easier + faster than ever!

Architecture

DocBlock Standards

Vinai Kopp announced an improvement to the Magento DocBlock Standards. This was a common effort, and it resulted in removing rules which led to DocBlock duplication. The proposal discourages usage of @inheritdoc directives, which were based on adding obvious and redundant descriptions. It encourages commenting on why a method or component was added, not how it was added. Read more about changes below.

Replacement for SCD

Static content deployment (SCD) is one of the longest-running processes during Magento deployments. If the deployment process is not optimized, it even prolongs website downtime. Andrew Levine is currently working on a replacement for the current SCD. The biggest bottleneck is the unofficial PHP LESS compiler. The idea is to make Magento use the official LESS compiler, written in JavaScript, and compile styles in parallel via workers. This approach seems reasonable and works 6 times faster than the current one.

Less compilation is, by far, the biggest bottleneck in a deployment. I've spread the less compilation across workers so it can happen in parallel, without blocking other work in the main thread pic.twitter.com/Ft6X1GfnAS

Security

XSS in Authorize.net Order Cancelation Flow

Magento 2.3.2 contains numerous security improvements, and it's super important to apply them all to outdated versions of the platform. One of these vulnerabilities and attack vectors was found and disclosed by the RIPS Tech team. According to their disclosure, merchants who use the core bundled integration with Authorize.net could be vulnerable to an unauthenticated stored XSS attack during order cancelation which, combined with an RCE exploit, can give hackers access to the webserver. Make sure your projects are patched and ready for this!
